On 05/02/2016 01:02 AM, Paul Gear wrote:
> Hi all,
>
> I upgraded my laptop from Ubuntu 15.10 to 16.04 today, which brought
> with it an upgrade to Shorewall 5.0.4. This version doesn't start
> completely correctly on my system, resulting in the following output on
> restart:
>
> root@localhost:~# shorewall6 restart
> Compiling using Shorewall6 5.0.4...
> Shorewall configuration compiled to /var/lib/shorewall6/.restart
> Stopping Shorewall6....
> /var/lib/shorewall6/.restart: 772: [: Illegal number: <my IPv6 OpenVPN
> address>
> done.
> Starting Shorewall6....
> /var/lib/shorewall6/.restart: 772: [: Illegal number: <my IPv6 OpenVPN
> address>
> done.
>
> I narrowed this down to a change in the output of ip. Ubuntu 16.04
> ships with iproute2 4.3.0, which changes the output format of tun
> interfaces to remove the netmask from the local IPv6 address. Here's a
> simplistic patch to fix:
>
> diff --git a/Shorewall/Perl/lib.runtime b/Shorewall/Perl/lib.runtime
> index 5bb83bd..abb32f7 100644
> --- a/Shorewall/Perl/lib.runtime
> +++ b/Shorewall/Perl/lib.runtime
> @@ -1110,7 +1110,7 @@ interface_is_usable() # $1 = interface
> #
> find_interface_addresses() # $1 = interface
> {
> - $IP -f inet6 addr show $1 2> /dev/null | grep 'inet6 2' | sed
> 's/\s*inet6 //;s/\/.*//;s/ peer.*//'
> + $IP -f inet6 addr show $1 2> /dev/null | grep 'inet6 2' | sed
> 's/\s*inet6 //;s/\/.*//;s/ peer [0-9a-f:]*//'
> }
>
> #
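
Review bot: in find_interface_addresses, narrowing the last sed command from `s/ peer.*//` to `s/ peer [0-9a-f:]*//` means nothing removes the text after the peer address when the line has no `/` for `s/\/.*//` to cut at; the old form dropped everything after ` peer`. Since this function returns the bare address anyway, either keep `s/ peer.*//` here or add `s/ scope.*//` as the full-address variant does.
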
> @@ -1119,7 +1119,7 @@ find_interface_addresses() # $1 = interface
>
> find_interface_full_addresses() # $1 = interface
> {
> - $IP -f inet6 addr show $1 2> /dev/null | grep 'inet6 ' | sed
> 's/\s*inet6 //;s/ scope.*//;s/ peer.*//'
> + $IP -f inet6 addr show $1 2> /dev/null | grep 'inet6 ' | sed
> 's/\s*inet6 //;s/ scope.*//;s/ peer [0-9a-f:]*//'
> }
>
> #
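
Review bot: the class `[0-9a-f:]*` in the new `s/ peer [0-9a-f:]*//` matches only lowercase hex digits and colons, so a peer address printed with uppercase digits or a dotted-quad tail would be only partly removed, and `*` also lets the pattern match an empty peer. `s/ peer [^ \/]*//` would take the whole peer token and stop at the slash. Whatever follows the peer address is kept and ends up attached to the local address, which deserves a one-line comment in find_interface_full_addresses.
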
>
> The issue seems to be mostly cosmetic, as the resulting changes are
> minor rules in the reject and Broadcast chains which don't appear to be
> applicable to IPv6, and won't ever likely be hit.

Thanks Paul -- applied.

>
> As an aside, 'shorewall6 status' produces no output, whereas 'shorewall
> status' produces the expected "Shorewall is running" message. Not sure
> if this difference has been there for a long time or not...
>

Sounds like your VERBOSITY setting in shorewall6.conf is 0:

root@debianvm:~/shorewall6-5.0.8.1# shorewall6 version
5.0.8.1
root@debianvm:~/shorewall6-5.0.8.1# shorewall6 status
Shorewall6-5.0.8.1 Status at debianvm - Mon May 2 07:20:16 PDT 2016

Shorewall6 is running
State:Started (Thu Apr 28 11:25:29 PDT 2016) from /etc/shorewall6/
(/var/lib/shorewall6/firewall compiled by Shorewall version 5.0.9-Beta1)

root@debianvm:~/shorewall6-5.0.8.1# shorewall6 -V0 status
root@debianvm:~/shorewall6-5.0.8.1# shorewall6 -V1 status
Shorewall6-5.0.8.1 Status at debianvm - Mon May 2 07:21:24 PDT 2016

Shorewall6 is running
State:Started (Thu Apr 28 11:25:29 PDT 2016) from /etc/shorewall6/
(/var/lib/shorewall6/firewall compiled by Shorewall version 5.0.9-Beta1)

root@debianvm:~/shorewall6-5.0.8.1#

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-devel mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
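
The change to find_interface_full_addresses discussed in this thread, run over both address-line shapes. This is an added example, not part of the original messages or of Shorewall's code: the two sample lines are constructed and their shapes are assumed from the description above, and has_valid_prefix and report are hypothetical helpers.

```shell
#!/bin/sh
# Constructed sample lines. Assumed shapes of `ip -f inet6 addr show <tun>` output:
# prefix length on the local address (older) vs. only on the peer (iproute2 4.3.0).
OLD_FMT='    inet6 2001:db8:1::2/64 scope global'
NEW_FMT='    inet6 2001:db8:1::2 peer 2001:db8:1::1/64 scope global'

# sed program of find_interface_full_addresses before the patch (\s needs GNU sed)
full_before() {
    printf '%s\n' "$1" | sed 's/\s*inet6 //;s/ scope.*//;s/ peer.*//'
}

# sed program of find_interface_full_addresses after the patch
full_after() {
    printf '%s\n' "$1" | sed 's/\s*inet6 //;s/ scope.*//;s/ peer [0-9a-f:]*//'
}

# Hypothetical guard: succeed only for "<address>/<decimal prefix 0-128>", so a
# caller never hands a bare address to a numeric test such as [ ... -eq ... ].
has_valid_prefix() {
    case $1 in
        */*) plen=${1#*/} ;;
        *)   return 1 ;;
    esac
    case $plen in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$plen" -le 128 ]
}

report() {  # $1 = label, $2 = parsed value
    if has_valid_prefix "$2"; then state=ok; else state='NO PREFIX'; fi
    printf '%-20s %-20s %s\n' "$1" "$2" "$state"
}

report 'before, old format' "$(full_before "$OLD_FMT")"
report 'before, new format' "$(full_before "$NEW_FMT")"
report 'after,  old format' "$(full_after "$OLD_FMT")"
report 'after,  new format' "$(full_after "$NEW_FMT")"
```

Only the pre-patch expression on the new-style line yields a value without a prefix length; a guard of this kind in generated firewall scripts turns such a parse failure into an explicit error instead of a half-applied ruleset.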
